
Transaction data validation policy reference

This policy validates transaction_data_hashes from the key binding JWT (kb-jwt) against expected transaction_data items.

  • Reads expected transaction data items from validator request options.policyParams.transactionData.items
  • Uses each item in its original base64url-encoded form for hashing
  • Reads transaction_data_hashes and transaction_data_hashes_alg from kb-jwt payload
  • Enforces the OID4VP hash algorithm rules:
    • defaults to sha-256 when no transaction_data_hashes_alg is provided
    • requires transaction_data_hashes_alg when the transaction data profile requests it
Policy configuration:

```json
{
  "transactionData": {
    "skip": false,
    "onHashMismatch": "error"
  }
}
```
  • skip: skip the policy completely
  • onHashMismatch: action when no expected hash matches (valid, warning, error)

options.policyParams.transactionData supports:

```json
{
  "transactionData": {
    "items": ["<base64url-encoded transaction_data entry>"],
    "required": true
  }
}
```
  • items must contain the expected transaction data entries in their original base64url-encoded form
  • required: true makes validation fail when the kb-jwt does not contain transaction_data_hashes